KnowBe4 Report: 2019 Phishing by Industry Benchmarking

How are you doing compared to your peers of similar size?

As a security leader, you’re faced with a tough choice. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up! IT security seems to be a race between effective technology and clever attack methods. However, there’s an often overlooked security layer that can significantly reduce your organisation’s attack surface: New-school security awareness training.

The 2019 study analysed a data set of nearly nine million users across 18,000 organisations with over 20 million simulated phishing security tests. In this report, research from KnowBe4 highlights employee Phish-prone™ percentages by industry, revealing at-risk users that are susceptible to phishing or social engineering attacks. Taking it a step further, the research also reveals radical drops in careless clicking after 90 days and 12 months of new-school security awareness training.

Top 3 industries by company size.

Do you know how your organisation compares to your peers of similar size? Download your report to learn more about:

  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training

Phishing vs Spear Phishing

The Osterman Research White Paper ‘Best Practices for Implementing Security Awareness Training’ reveals a wide range of issues that concern security professionals. One of these is that more than 90% of organisations report that phishing and spear phishing attempts reaching end users during 2018 are either increasing or staying at the same levels.

While phishing and spear phishing attacks are similar, there are many key differences to be aware of.

A phishing campaign is very broad and automated; think ‘spray and pray’.

It doesn’t take a lot of skill to execute a massive phishing campaign. Most phishing attempts are after things like credit card data, usernames and passwords, etc., and are usually a one-and-done attack.

On the other hand, spear phishing is highly targeted, going after a specific employee, company, or individuals within that company.

This approach requires advanced hacking techniques and a great amount of research on their targets. Spear phishers are after more valuable data like confidential information, business secrets, and things of that nature. That is why a more targeted approach is required; they find out who has the information they seek and go after that particular person. A spear phishing email is really just the beginning of the attack as the bad guys attempt to get access to the larger network.

Network Utilities partner with KnowBe4 to help our customers keep users on their toes with security top of mind. Effective new-school security awareness training helps reduce risk and strengthen an organisation’s human firewall.

KnowBe4 named UK’s Security and Consultancy Provider of the year

KnowBe4, the provider of the world’s largest security awareness training (SAT) and simulated phishing platform, announces it has won Network Computing’s Security Training and Consultancy Provider of the Year award.

KnowBe4’s CEO Stu Sjouwerman said, “We are very happy to win this award and are committed to the UK market. We’ve seen explosive growth with organisations recognising the need for training to improve their security culture. Additionally, we are working with UK based organisations such as Twist and Shout to continue to provide relevant and Netflix quality content.” Sjouwerman further noted, “We are also very proud of our UK team for their dedication to our customers.”

According to Verizon’s 2019 data breach investigation report, phishing was the #1 threat action used in successful breaches linked to social engineering and malware attacks.

Webinar Recording: Why Phishing Attacks Work & What You Can Do About Them

It is generally accepted that by far the greatest risk to the security of your corporate data is your employees themselves, who may unwittingly fall victim to phishing attacks. Industry figures indicate 60% of UK office workers receive a phishing email at least once a day.

Yet a YouGov study funded by Bluecoat indicated that just 6% of British employees have received training in how to deal with phishing attacks. Find out in 15 minutes what you can do to significantly reduce the risk of a user unknowingly installing malware in your organisation.

Phishing: Are you ready to be caught out?

By Anthony Mortimer, Account Manager, Netutils

Views expressed in this post are original thoughts posted by Anthony Mortimer. These views are his own and in no way do they represent the views of the company.

In the age of commercialised hacking, organisations are experiencing greater frequency and sophistication of attacks than ever before; this is driven simply by the commercial value corporate data represents to criminals. According to Trend Micro, 90% of all known successful data breaches in 2012/2013 were attributed to phishing attacks.

At Netutils we see and talk to a broad range of organisations, all with very different views of the risk these threats pose. For many smaller organisations, the presence of a firewall and basic security is seen as sufficient, but here’s why these smaller businesses should be concerned.

For a start, criminals are now regularly targeting suppliers or customers of big organisations as the staging point to attack the bigger network. More importantly, we are seeing a trend for large businesses to dictate security policy to their suppliers if they are to continue to trade with them or to win new contracts.

A significant growth area is in the use of targeted phishing emails and more focussed spear phishing attacks tailored to specific individuals based on pharmed data. These types of attacks are becoming more difficult to mitigate, putting significant stress on IT departments’ budgets.

We have witnessed organisations handling these threats with 2 broad methodologies:

  • Deployment of technology to counteract attacks
  • End user training

It is generally accepted that by far the greatest risk to the security of your corporate data is your employees themselves, who may unwittingly fall victim to phishing attacks. According to industry figures, 60% of UK office workers receive a phishing email at least once a day. In addition, the greatest issue with regard to end user training is that for most organisations it is difficult to deliver such a course in a way that will make a real difference. Businesses will often run a single awareness session and hope that will mitigate the risk. Unfortunately, phishing attacks are dynamic: although they follow a similar pattern, the content and mechanisms change. Unless staff are made aware of these on a regular basis, the training deployed may only have value for a few weeks after delivery, until a new form of attack is devised.

The second method of combating these threats is the deployment of technology. This poses real issues to businesses, and it can be argued that many traditional signature-based solutions offer little real protection. This is essentially because they rely on a known database of attack signatures to spot and block an attack. However, with the rise in commercial hacking activities, self-service malware portals can provide the enterprising hacker with a unique piece of malware for as little as $100 that can sit undetected on corporate machines until it is discovered and the signature published.

At Netutils we believe that effective mitigation requires a layered approach to handling these issues. At the heart of our solution set are 2 key elements: ongoing security training via our interactive training platform (PhishAware) and cutting-edge signatureless technology.

If you have any concerns about the impact of Phishing in your business then do please contact a solutions expert from our team on:

t: 020 8783 3800
e: info@netutils.com
